Synopsis: Moderate: lzo security update Advisory ID: SLSA-2014:0861-2 Issue Date: 2014-07-09 CVE Numbers: CVE-2014-4607 -- An integer overflow flaw was found in the way the lzo library decompressed certain archives compressed with the LZO algorithm. An attacker could create a specially crafted LZO-compressed input that, when decompressed by an application using the lzo library, would cause that application to crash or, potentially, execute arbitrary code. (CVE-2014-4607) For the update to take effect, all services linked to the lzo library must be restarted or the system rebooted. -- SL6 x86_64 lzo-2.03-3.1.el6_5.1.i686.rpm lzo-devel-2.03-3.1.el6_5.1.i686.rpm lzo-2.03-3.1.el6_5.1.x86_64.rpm lzo-minilzo-2.03-3.1.el6_5.1.x86_64.rpm lzo-devel-2.03-3.1.el6_5.1.x86_64.rpm lzo-minilzo-2.03-3.1.el6_5.1.i686.rpm lzo-debuginfo-2.03-3.1.el6_5.1.x86_64.rpm lzo-debuginfo-2.03-3.1.el6_5.1.i686.rpm i386 lzo-minilzo-2.03-3.1.el6_5.1.i686.rpm lzo-2.03-3.1.el6_5.1.i686.rpm lzo-devel-2.03-3.1.el6_5.1.i686.rpm lzo-debuginfo-2.03-3.1.el6_5.1.i686.rpm srpm lzo-2.03-3.1.el6_5.1.src.rpm noarch lzo-debuginfo-2.03-3.1.el6_5.1.i686.rpm lzo-debuginfo-2.03-3.1.el6_5.1.x86_64.rpm - Scientific Linux Development Team